In theory, the device supports the combination of authentication, authorization, and accounting. For example, the device can provide local authentication, local authorization, and RADIUS accounting.
In practice, the schemes in Table 1 are often used separately. Multiple authentication or authorization modes can be used in a scheme. For example, local authentication is used as a backup of RADIUS authentication and HWTACACS authentication, and local authorization is used as a backup of HWTACACS authorization.
Configuration Task |
Overview |
Task |
|---|---|---|
Local authentication and authorization |
If users need to be authenticated or authorized but no RADIUS server or HWTACACS server is deployed on the network, use local authentication and authorization. Local authentication and authorization feature fast processing and low operation costs; however, the amount of local authentication and authorization information that can be stored is subject to the device hardware capacity. Local authentication and authorization are often used for administrators. |
|
RADIUS authentication, authorization, and accounting |
RADIUS protects a network from unauthorized access, and is often used on networks demanding high security and control of remote user access. |
Using RADIUS to Perform Authentication, Authorization, and Accounting |
HWTACACS authentication, authorization, and accounting |
HWTACACS protects a network from unauthorized access and supports command-line authorization. HWTACACS is more reliable in transmission and encryption than RADIUS, and is more suitable for security control. |
Using HWTACACS to Perform Authentication, Authorization, and Accounting |